NTFS Security Auditor

Functional Benefits

Report NTFS permissions across servers and workstations in multiple domains, including Files, Folders and Shares. View permissions using different dimensions.

Given a set of users and groups, determine which folders and files do they have access to.

Given a set of folders and files, which users have access and which groups do these users belong to?

Determine which users and groups may indirectly impact NTFS permissions based on their group memberships in nested groups (analyze inadvertent user access).

Determine the “Effective Permissions” of groups and users on shares, folders and files – permissions that have been explicitly set and those that have been inherited through groups and nested groups.

Report local shares on individual workstations and produce a summary of all such shares for your entire domain.

Perform a granular search of various types of permissions that are assigned on files and folders. For example, search for users and groups that have Full Control permission for a specified set of folders and files.

Perform a granular search for exceptions on permissions, that is, search for various types of permissions that are not assigned on files and folders. For example, search for users and groups that do not have Full Control permission for a specified set of folders and files.

Determine what type of permissions and conditions have been configured for each of the Central Access Rules in Central Access policy over the domain.

Given a set of accounts, determine which shared folders do they have effective permissions based on DAC/CAP.

Determine on which shared folders and subfolders have been affected/not affected by the Central Access Policy.

Select a Set of Domain (s) / Server (s) and determine the configured Central Access Policies and Central Access Rules.

Compare permissions on any two folders by displaying the differences in the ACLs of the folders.

Benefits

No agent installation. Information is collected, processed and displayed on the same machine where NTFS Security Auditor is installed.

Supports both Ms-Access and SQL Server for data storage.

Report on Shares, folders and files with all their permissions, including Inherited and "Apply To" information, along with additional group membership information of users and nested groups.

Generate a summary of shares and permissions for each domain.

Built-in Reports that have some of the most sought after Security reports such as:

Permissions for specific users and groups on folders report

Permissions for folders report

Permissions for specific users and groups on files report

Permissions for files report

Permissions for folders (Inherited & Explicit) report

Effective permissions for users and groups on folders report

Effective permissions for users and groups on files report

Effective permissions for specific users and groups on folders report

Effective permissions for specific users and groups on files report

File and Folder Ownership

Shares Report

Share permissions report

Perform powerful, conditional Search queries of Permissions on Files and Folders using the Power Search feature. Save frequently used queries for later use.

Ability to restrict the scope by scanning only a predefined subset of Accounts and Computers in the domain by setting up Scan Profiles. Especially useful for medium to large enterprise networks.

Enumerate Computers using the Windows Browser Service or Active Directory.

Customize reports for display.

Security Vulnerabilities reports show possible vulnerabilities in access rights assigned to users and groups on shared folder(s) or file(s).

All explicit permissions for folders

Broken inheritance and their permissions for folders

Permissions for orphaned accounts on folders

Permissions for disabled user accounts on folders

Permissions for destructive access on folders

Deny permissions set for folders (Explicit & Inherited)

User accounts that have indirect access to folders due to nested group membership

ARK for IIS 7 (ARKIIS) is a powerful reporting tool that provides configuration information from the IIS 7.x configuration store in the form of Trees, Tables and Views covering multiple web servers and websites.